250 likes | 381 Views
The Dual Receiver Cryptosystem and its Applications. Presented by Brijesh Shetty. Overview. Dual Receiver Cryptosystem – Concept Interesting Applications Combined Cryptosystem Useful Puzzle Solving. Dual Receiver Cryptosystem. Encryption Scheme
E N D
The Dual Receiver Cryptosystem and its Applications Presented by Brijesh Shetty
Overview • Dual Receiver Cryptosystem – Concept • Interesting Applications • Combined Cryptosystem • Useful Puzzle Solving
Dual Receiver Cryptosystem • Encryption Scheme • Ciphertext can be decrypted by two independent receivers! • Bilinear Diffie Hellman Assumption (based on elliptic curves)
Elliptic Curve based Discrete Log problem • Given Y = k . P and Y,P (i.e P added to itself k times) Find k ???? • (P,P)--- g (Y,P)--- h • By definition of Bilinear Curve, we get h = gk [since (aP,bQ)=(P,Q)ab] (Y,P)=(kP,P)=(P,P)k=gk
“ Key Escrow ” (in the context of Dual receiver) • An arrangement where keys needed to decrypt encrypted data must be held in escrow by a third party. • Eg. Govt. agencies can use it to decrypt messages which they suspect to be relevant to national security.
Dual Receiver Cryptosystem A Ciphertext C Decrypts to m B Message m Encrypt using public keys of B and C C can also decrypt! C does not learn about the private keys of B or A !! C
Dual Receiver Cryptosystem- The Scheme • Some Definitions • (Semantically secure) Dual Receiver Cryptosystem scheme
Definitions (Randomised algorithms) • Key Generation algorithm K(k) = (e,d) & (f,g) • Encryption algorithm E e,f (m) = c
Definitions (contd..) • Decryption Algorithm D Dd,f (c) = m • Recovery Algorithm R Re,g (c) = m
Dual Receiver Cryptosystem- The Scheme • Some Definitions • (Semantically secure) Dual Receiver Cryptosystem scheme
Semantically secure Dual Receiver Cryptosystem A (x, xP) (u1,u2,u3) Message m Random r B private (y, yP) C Hxis a hash fn associated with public key xP
Semantically secure Dual Receiver Cryptosystem A B (x, xP) Message m Random r u1 = rP u2 = yP u3 = m+Hx(<xP,yP>r) (y, yP) C
Decryption <u1,u2>x = <rP,yP>x = <xP,yP>r =<P,P>xyr B U3 + Hx(<xP,yP>r) =m
Recovery (Second Receiver) <u1,xP>y = <rP,xP>y = <xP,yP>r = <P,P>xyr C U3 + Hx(<xP,yP>r) =m
Dual Receiver Cryptosystem- The Scheme • Some Definitions • (Semantically secure) Dual Receiver Cryptosystem scheme
Overview • Dual Receiver Cryptosystem – Concept • Interesting Applications • Combined Cryptosystem • Useful Puzzle Solving
Combined Cryptosystem • We combine using a single key x • Dual Receiver Encryption • Signature
Signature (in Combined scheme) • Same key x . Hash I:{0,1}n -> G1 Sign the hash B A σ = x . I(m) Message m
Verification.. B has m, σ B Verify <P, σ> = <xP, I(m)> If they are same both must be equal <P,I(m)>x
Combined Cryptosystem • What is so special? • Dual receiver encryption facilitates escrow of the decryption capability & non escrow of the signature capability using the same key!! • The security of either of the schemes is not compromised
Overview • Dual Receiver Cryptosystem – Concept • Interesting Applications • Combined Cryptosystem • Useful Security Puzzles
Useful Security Puzzles • Application Areas • When Server wants to rate-limit the clients (against DOS attacks) • Lighten the server’s computational burden • Example : File Server
File Server (Security Puzzle) Server File Eke,Ka(Ks) Ks Abcde …… [ ] ¤¥§~¶ ……. (C1,C2) Client STORING FILE
File Server … (Request File) [ ] ¤¥§~¶ ……. Decryption.. Computation intensive (C1,C2) Dual Receiver Encrytpion G, F are hashes XOR and hash Random p C1 = Eke,Ka(p) u1 = Ks+ G(p) u2 = F(p,Ks,C1,u1) C2 = [u1,u2] Client C1, Pa Compute DPa,Ke(C1) TD1 G(TD1)+u1 = m Check u2=F(p,m,c,u1)